1. Field of the Invention
The present invention relates to the field of secure software rental systems.
2. Background Art
The use of personal computers (PC) and communication modems (CM) has increased significantly in recent years and is expected to continue to grow. Using electronic mail capabilities, PC users communicate more frequently amongst themselves. Additionally, centralized computer systems have evolved allowing PC users to access large databases. Such databases include various information libraries: news, weather, sports, stock markets, entertainment, education, and so on. Access to such databases is commonly controlled so that users must subscribe to the centralized computer systems. In a typical session, the user connects to the centralized computer system using the PC, transfers information to the user""s PC, and is further useable without being connected to the database of the centralized computer system. The centralized computer system enables a large number of users to concurrently access the database of the central computer system.
While centralized computer systems frequently provide access to information databases, such systems less frequently provide access to copyrighted application software. The primary reason for not providing copyrighted application software from databases of centralized computer systems is due to a lack of tamper-proof security methods and apparatuses for preventing unauthorized copying of copyrighted application software. Prior art systems do not provide a comprehensive method or apparatus for permitting the rental of copyrighted application software without having any possibility of the copyrighted application software being copied and used without being connected to the database.
A prior art system, disclosed in U.S. Pat. Nos. 4,796,181 and 5,047,928 issued to John D. Wiedemer on Jan. 3, 1989 and Sep. 10, 1991, respectively, implements a computer software security and billing system that enciphers an application program using a numeric key. The computer of the user requires a hardware security device and a removable billing device. Both devices carry unique codes. The security device containing the billing device is coupled to the user""s computer. A security program accesses the application software and writes billing information into the billing device. The billing module must be periodically replaced so the user can be charged for the software usage. Thus, the system of Wiedemer is directed to a security device including a billing device that is installed in a user""s computer for enciphering/deciphering software and billing for usage of the software. This system disadvantageously requires special hardware for billing use of application software and does not use a dynamic password for preventing unauthorized use of application software.
Another prior art system, disclosed in U.S. Pat. No. 4,999,806 issued to Fred Chernow, et al., on Mar. 12, 1991, is a system for distributing software by telephone. A central station accepts credit card information, transmits an acceptance code to a caller, and terminates the call. The central station first verifies the caller""s credit card, and then calls back the caller. The transaction is continued after receiving the acceptance code. The central station transfers a control transfer program and initialization program to the caller. The caller (or purchaser) executes the initialization program so that the central station can control the caller""s computer. The control transfer program then transfers a protection program for ensuring that a copying program is not resident in the memory of the caller""s computer. A storing program is then transferred to the caller""s computer for modifying the purchased program for storage on the caller""s computer. The purchased program is then transferred to the caller""s computer. During execution of the system for distributing software, the various transmitted programs are erased so that only a copy of the purchased software remains on the caller""s computer. Thus, the system of Chernow, et al., is directed to a system of transmitting copy protected versions of software to a caller""s computer for a limited amount of time similar to a demonstration. The system of Chernow et al., is similar to copy protection of software and does not use a dynamic password for preventing unauthorized use of application software.
A further prior art system, disclosed in U.S. Pat. No. 5,138,712 issued to John R. Corbin on Aug. 11, 1992, implements a method and apparatus for licensing software on a computer network. Encrypted license information is stored in a license token, and is sorted in a database controlled by a license server. To access a program, the license server locates the correct license token for a software application and transmits the license token to a license library. The application has an attached application specific license access module that decodes the licensing token. The license information is verified by license library routines coupled to the software application. The license is then checked out and the license token is updated. The application specific license access module encodes the updated license token before returning it to the license server. Thus, only a single application can be breached by unauthorized cracking of an encrypted application. Thus, the system of Corbin is directed to providing network protection against unauthorized use of software in a computer network.
Thus, the prior art is not able to provide a dynamic secure software rental system.
The present invention is a system for providing secure access and execution of application software stored on a first computer by a second computer using a communication device while a communication link is maintained between the first and second computers. More specifically, the present invention is a secure software rental system. The system enables a user in a remote location using a personal computer and a modem to connect to a central rental facility, transfer application software from the central rental facility to the remote computer, and execute the application software on the remote computer while electronically connected to the central rental facility. When the communication link between the central and remote computers is interrupted or terminated, the application software no longer executes on the remote computer. This is accomplished by integrating header software with the application software according to the present invention.
The application software stored on the central rental facility is integrated with the header software to provide a security feature of the present invention. The use of header software allows the user to only execute the application software while the user is electronically connected to the central rental facility continuously. This prevents the user from copying the application software to a storage device of the remote computer, and subsequently executing the application software after interrupting or terminating the communications link between the central and remote computers.
The system of the present invention comprises a plurality of remote computers, communication modems, a multiuser communication modem, a database computer, and a memory system. The user connects the remote computer to the database of the central rental facility using methods well-known in the art of computer communications. However, the central rental facility requires the user to provide a unique user identification password to access the system. Each user of the system is allocated a unique user identification password.
A plurality of users having remote computers are able to communicate with the central rental facility using multiuser communication modem coupled to the central rental facility. The database computer comprises a multiuser, multitasking controller, password validation modules, user registration databases, and memory system. When a user transmits a password to the central rental facility, the central rental facility activates the user registration database through the user password module. The user registration database contains information about each user that is stored in a separate file for each user. The user validation module compares the password with the password stored in the user registration database for the user. When the password is validated, the controller of the central rental facility establishes continuous connection with the remote computer of the user. Otherwise, communications with the remote computer are terminated.
When the continuous connection between the central rental facility and the remote computer is established, the user is able to access rental application software database through a directory request module of the central rental facility. The multiuser controller of the central rental facility initiates the interface between the user and the rental application software database. The user is then able to select application software from the rental application software database. When the user selects a software application, the multiuser controller of the central rental facility transfers the software application to the remote computer using a file transfer module. The software is transmitted through the multiuser communication modem of the central rental facility and the communication modem of the remote computer to the user.
When the application software is transferred to the remote computer, the central rental facility registers a transfer time. The transfer time is temporarily stored in the user file for transfer of the application software. The temporary storage on the central rental facility is only maintained during the time that the user is continuously connected to the central rental facility. The multiuser controller of the central rental facility stores the transfer time of each application software that the user transfers in a separate file. The multiuser controller also transmits a message containing the transfer time and an identification number for each transmitted application software to the remote computer. The message is encrypted by the central rental facility before transfer, and transmission of the message is accomplished transparently to the user. The user is then able to execute the application software.
The application software executes normally on the remote computer without any apparent modification of the application software. However, each application software of the rental application software database is modified to include header software. The application software is coupled to the header software by interface parameters. When executing the application software, the header software is an integral part of the application software and is executed as part of the initialization process for the application software. The interface parameters are adapted to the application software although the header software is the same for all application software. The internal functions of the header software includes a rental security manager, user processor clock interface, user operating system interface, and user display interface. The header software primarily carries out dynamic password verification, which is an asynchronous process with respect to the functions of the application software and is carried out at finite intervals of time.
The rental security manager performs functions including interfacing with the communication manager that in turn interfaces with the communication modem, interfacing with the controller of the central rental facility, and interfacing with the application software. Also, the rental security manager generates passwords, correlate passwords, executes authorization verification, continues authorization verification, and terminates execution of the application software. The user processor clock interface obtains the current time from the user processor at finite intervals and provides it to the rental security manager. The user operating system interface determines the appropriate interface parameters for executing the application software on the operating system on the remote computer. The user display interface generates and provides messages to the user as necessary.
When the user executes the application software, the rental security manager initiates authorization verification. The authorization verification process begins by obtaining the time through the user processor clock interface. The rental security manager decrypts the authorization verification message containing the rental application software transfer time from the central rental facility. It determines the time difference between the transfer time from the central rental facility and the user processor clock time of the remote computer. The rental security manager generates a new authorization verification password using the time difference and the user identification password. It stores the new authorization verification password temporarily in a store of the rental security manager. The rental security manager then prepares a message containing the clock time, the user identification password, and identification number of the application software. The rental security manager encrypts the message, and transfers it to the central rental facility.
The multiuser controller of the central rental facility decrypts the transmitted message. It then computes a time difference by differencing the user processor clock time and the transfer time. The transfer time was stored previously in the user file for the application software. The multiuser controller generates an authorization verification password using the time difference computed by the controller and the decrypted user identification password. The multiuser controller creates a new message containing the processor clock time, the user identification password, and the authorization verification password. The message is encrypted by the multiuser controller, and transmitted to the remote computer.
The rental security manager decrypts the received message. The decrypted message is compared against the stored user processor clock time, the user identification password, and the authorization verification password using the password correlation module. When the password correlation module completes successfully, the authorization verification process is completed and the application software continues to execute. Otherwise, the authorization verification fails and termination of the executing application software is initiated. The user is notified of the authorization verification failure. The system performs the authorization verification process three times consecutively when failures occur before terminating the application software execution. The above listed steps are repeated at fixed time intervals during execution of the application software. The authorization verification process occurs transparently to the user when successful.
The authorization verification method thus prevents the user from circumventing the rental scheme in three ways. In one case, it prevents the user from transferring the application software to the remote computer and disconnecting the communication link while executing the application software. This attempt fails because the rental security manager is unable to communicate with the central rental facility. In another case, the authorization verification method prevents the user from copying the application software to a storage device, disconnecting the communication link, and re-executing the application software. This attempt fails because the transfer time is not available or the rental security manager is unable to communicate with the central rental facility. In yet another case, it prevents the user from establishing a communication link and re-executing a previously copied version of the application software that was stored on the remote computer. This attempt fails because the previous transfer time cannot be found on the central rental facility.
The invention is applied to an on-line electronic postage metering system that operates in conjunction with the United States Postal Service (USPS) in one embodiment. The rental software is an on-line postage metering program that comprises a header (user) code which resides on a user computer and a controller code which resides on a postal security device (PSD) server. The on-line postage metering program allows a user to print a postal indicium at home, at office, or any other desired place in a secure and fraud-free manner. A user computer and a user printer, electronically connected to the PSD server and the USPS computer, constitute an on-line electronic postage meter.
In the postage metering embodiment, a licensed, registered user can send a request for a postage print to the PSD server including a desired amount of postage. In response, the PSD server verifies the fund to cover the requested amount of postage and grants the request The user computer then sends an image of postal indicium for the granted amount to the user printer so that a postal indicium is printed on an envelope or a label. The printed indicium appears as a two-dimensional bar-code that includes a unique serial number, mail delivery point information, and the amount of postage. Each time a user sends a postage print request to the PSD server, the request must be authenticated by asynchronous dynamic password verification method. If the user goes off-line at any time during the postage metering session or password verification fails, the asynchronous dynamic password verification method terminates the session.
The present invention provides a secure system for allowing remote execution of rental application software and monitoring the time period that the application software is executed. The system also allows a single user to access more than one application software while independently monitoring each execution of application software using the multiuser, multitasking controller of the central rental facility. The multiuser, multitasking controller of the central rental facility is also capable of interfacing with a plurality of users concurrently.